Basic auth header on WebDAV requests is not bruteforce protected